AI Threat Alert
Attack Type
Data Leakage
Data leakage vulnerabilities allow unauthorized access to sensitive data processed by AI systems — including PII in training data, API keys in prompts, or confidential information in model responses.
128
Total CVEs
7
Pages
Page 2 of 7
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-6985 | langchain-text-splitters: XXE enables arbitrary file read | langchain-text-splitters | 7.5 |
| HIGH | CVE-2025-8709 | langgraph-checkpoint-sqlite: SQL Injection exposes database | langgraph-checkpoint-sqlite | 7.3 |
| MEDIUM | CVE-2023-1651 | AI ChatBot WP: auth bypass exposes OpenAI config + XSS | wpbot | 5.4 |
| HIGH | CVE-2024-34527 | SolidUI: OpenAI API key exposed via log print statement | 7.5 | |
| HIGH | CVE-2024-0452 | WordPress AI ChatBot: auth bypass enables OpenAI file upload | wpbot | 7.7 |
| LOW | CVE-2024-40594 | ChatGPT macOS: cleartext conversation storage exposed | 2.3 | |
| HIGH | CVE-2024-7714 | AYS ChatGPT WP Plugin: auth bypass disables AI service | 7.5 | |
| MEDIUM | CVE-2025-6716 | Contest Gallery WP Plugin: Stored XSS in OpenAI integration | 6.4 | |
| MEDIUM | CVE-2025-7780 | WordPress AI Engine: SSRF leaks files via OpenAI API | 6.5 | |
| MEDIUM | CVE-2025-60511 | Moodle: IDOR enables unauthorized data access | 4.3 | |
| MEDIUM | CVE-2025-12732 | AI component: Info Disclosure leaks sensitive data | 4.3 | |
| MEDIUM | CVE-2025-14980 | BetterDocs: Info Disclosure leaks sensitive data | 6.5 | |
| HIGH | CVE-2025-65098 | typebot: XSS enables session hijacking | 7.4 | |
| LOW | CVE-2023-1176 | MLflow: path traversal exposes arbitrary local files | mlflow | 3.3 |
| HIGH | CVE-2023-2356 | MLflow: path traversal allows unauthenticated file read | mlflow | 7.5 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | mlflow | 10.0 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| HIGH | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | mlflow | 7.5 |
| HIGH | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | mlflow | 7.5 |